Intelligent CIO Europe Issue 42 | Page 37

EDITOR’S QUESTION

The biggest risk here is that organisations don’t see the forest for the trees. When you consider the wide scope of potential cyberthreats out there, it’s easy to get lost. Suddenly, you’re so focused on individual attack vectors that you miss the forest entirely, by which point it’s too late.

As we drive more Digital Transformation, oversights of this nature just won’t cut it. The potential for devastating disruption as a result of cybercrime is too large and organisations must step into Digital Transformation with a security-first mindset as a result. We are long past the point of saying ‘it will never happen to us’, and certainly know better than to assume we’ll never be breached.
So how do we instil that mindset? The first thing is to re-evaluate our focus on defence. Looking at the whole picture – perimeter, network, endpoint, application and data – organisations must implement clear ways of detecting, preventing, investigating and responding to these cyberthreats.
Unfortunately, this crystal-clear focus is hard to come by thanks to an abundance of distracting signals, which is where the case for automation through AI and Machine Learning comes into play.
Think about it – security has evolved from a single focus on the perimeter and keeping the bad guys out, to an all-encompassing focus on internal and external security, and the tools and intelligence we have around that are too numerous to manage manually. But finding relevant correlations and augmenting those with external threat intelligence signals is the purview of automated systems leveraging Machine Learning and AI.
In conjunction, there is a strong need to rationalise the number of security tools any one organisation uses. I often see up to 50 individual tools being implemented per organisation, which I believe actually contributes to lowering security postures, instead of raising them, simply due to how unmanageable it becomes and the assumption of sufficient coverage rather than actual protection.
And for the tools that we do hold on to, we must consider ecosystem integrations: how can these prevention, detection and mitigation technologies reinforce each other?
There is potential to leverage intelligence from one solution to the next to complement capabilities and form a stronger defence. Think about the ability to inform your data recovery solution about the importance of the data being impacted and how that would prioritise your remediation efforts. The answer to creating this: technologies built on API-first principles.
Finally, a surefire way to not underestimate these threats is to look at backup as a means of ransomware recovery. Ransomware has moved from disabling an organisation by encrypting all data, to now extracting additional ransom by exfiltrating data and threatening to release it, broadening its impact. Everyone is a target, no matter how safe you consider yourself to be. Assuming a breach mentality, and documenting and testing a ransomware recovery plan, is just as vital as implementing any other Disaster Recovery planning, both of which require a sturdy backup strategy.
FILIP VERLOY, RUBRIK’S FIELD CTO EMEA